OpenOffice tackles "highly critical" hole

Forum Moderators: phranque

Message Too Old, No Replies

OpenOffice tackles "highly critical" hole

engine

12:45 pm on Jan 9, 2007 (gmt 0)

OpenOffice.org has patched a critical vulnerability in the open source application suite.
The vulnerability concerns the way OpenOffice handles '.wmf' images. Exploitation of the vulnerability, which affects all but the newest version of OpenOffice, can enable a hacker to perform a buffer overflow and then introduce malicious code to the victim's PC.
Security advisor Secunia rates the vulnerability as "highly critical", and has urged users to patch their systems.

OpenOffice tackles "highly critical" hole [software.silicon.com]

coopster

1:04 am on Jan 10, 2007 (gmt 0)

So as long as we aren't opening and using Microsoft Windows metafile format, we are OK?

Just kidding, thanks for the heads up, engine. Patching immediately.

;)

encyclo

3:51 am on Jan 10, 2007 (gmt 0)

A critical problem, yes, but at least a patch is now available... unlike Microsoft Word, which is still without patches for several critical vulnerabilities:

[eweek.com...]

Microsoft has released high-priority fixes for serious vulnerabilities in its Outlook and Excel applications, but there are no patches in the January batch for known Microsoft Word flaws that are currently under attack. (...) The company's security response team has officially confirmed that at least three undocumented Word vulnerabilities are being used in code-execution attacks against select targets.

Kudos to the OpenOffice team, it's a great product, still much safer than MS Office and free too.